Publications

Displaying 1 - 25 of 34

Optimizing Implementations of Boolean Functions

January 31, 2024

Author(s)

Meltem Sonmez Turan

Symmetric cryptography primitives are constructed by iterative applications of linear and nonlinear layers. Constructing efficient circuits for these layers, even for the linear one, is challenging. In 1997, Paar proposed a heuristic to minimize the number

Design Trends in Lightweight Ciphers

January 4, 2024

Author(s)

Meltem Sonmez Turan

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process

June 16, 2023

Author(s)

Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Jinkeon Kang, Noah Waller, John M. Kelsey, Lawrence E. Bassham, Deukjo Hong

The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57

Discussion on the Full Entropy Assumption of the SP 800-90 Series

April 14, 2023

Author(s)

Darryl Buller, Aaron Kaufer, Allen Roginsky, Meltem Sonmez Turan

The NIST SP 800-90 series [1][2][3] supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security strength of a random number generator depends on the unpredictability of its outputs. This unpredictability

Resistance of Ascon Family against Conditional Cube Attacks in Nonce-Misuse Setting

October 25, 2022

Author(s)

Donghoon Chang, Deukjo Hong, Jinkeon Kang, Meltem Sonmez Turan

Ascon family is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. The family includes three Authenticated Encryption with Associated Data (AEAD) schemes: \ascon-128 (primary)

New Bounds on the Multiplicative Complexity of Boolean Functions

September 11, 2022

Author(s)

Meltem Sonmez Turan

Multiplicative Complexity (MC) is defined as the minimum number of AND gates required to implement a function with a circuit over the basis AND, XOR, NOT}. This complexity measure is relevant for many advanced cryptographic protocols such as fully

A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting

May 9, 2022

Author(s)

Donghoon Chang, Jinkeon Kang, Meltem Sonmez Turan

Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final

On the Multiplicative Complexity of Cubic Boolean Functions

August 11, 2021

Author(s)

Meltem Sonmez Turan, Rene Peralta

Multiplicative complexity is a relevant complexity measure for many advanced cryptographic protocols such as multi-party computation, fully homomorphic encryption, and zero-knowledge proofs, where processing AND gates is more expensive than processing XOR

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021

Author(s)

Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey

The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Recovering the Key from the Internal State of Grain-128AEAD

April 3, 2021

Author(s)

Donghoon Chang, Meltem Sonmez Turan

Grain-128AEAD is one of the second-round candidates of the NIST lightweight cryptography standardization process. There is an existing body of third-party analysis on the earlier versions of the Grain family that provide insights on the security of Grain

Observations on COMET

November 16, 2020

Author(s)

Daniel J. Bernstein, Henri Gilbert, Meltem Sonmez Turan

This note provides two observations on COMET, a second round candidate of the NIST lightweight cryptography standardization process. The first observation uses a long message to detect the use of weak keys, whereas the second observation focuses on the

Boolean Functions with Multiplicative Complexity 3 and 4

July 18, 2020

Author(s)

Cagdas Calik, Meltem Sonmez Turan, Rene C. Peralta

Multiplicative complexity (MC) is defined as the minimum number of AND gates required to implement a function with a circuit over the basis (AND, XOR, NOT). Boolean functions with MC 1 and 2 have been characterized in Fischer and Peralta, and Find et al

TMPS: Ticket-Mediated Password Strengthening

February 14, 2020

Author(s)

John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra

We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting

Status Report on the First Round of the NIST Lightweight Cryptography Standardization Process

October 7, 2019

Author(s)

Meltem Sonmez Turan, Kerry A. McKay, Cagdas Calik, Dong Hoon Chang, Lawrence E. Bassham

Upper Bounds on the Multiplicative Complexity of Symmetric Boolean Functions

August 17, 2019

Author(s)

Luis Brandao, Cagdas Calik, Meltem Sonmez Turan, Rene Peralta

A special metric of interest about Boolean functions is multiplicative complexity (MC): the minimum number of AND gates sufficient to implement a function with a Boolean circuit over the basis XOR, AND, NOT}. In this paper we study the MC of symmetric

The Multiplicative Complexity of 6-variable Boolean Functions

April 3, 2018

Author(s)

Cagdas Calik, Meltem Sonmez Turan, Rene C. Peralta

The multiplicative complexity of a Boolean function is the minimum number of AND gates that are necessary and sufficient to implement the function over the basis (AND, XOR, NOT). Finding the multiplicative complexity of a given function is computationally

Recommendation for the Entropy Sources Used for Random Bit Generation

January 10, 2018

Author(s)

Meltem Sonmez Turan, Elaine B. Barker, John M. Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle

This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit

Report on Lightweight Cryptography

March 28, 2017

Author(s)

Kerry McKay, Lawrence E. Bassham, Meltem Sonmez Turan, Nicky Mouha

NIST-approved cryptographic standards were designed to perform well using general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When

The Number of Boolean Functions with Multiplicative Complexity 2

October 27, 2015

Author(s)

Magnus G. Find, Daniel C. Smith-Tone, Meltem Sonmez Turan

Multiplicative complexity is a complexity measure, which is defined as the minimum number of AND gates required to implement a given primitive by a circuit over the basis (AND, XOR, NOT), with an unlimited number of NOT and XOR gates. Implementations of

Predictive Models for Min-Entropy Estimation

September 13, 2015

Author(s)

John M. Kelsey, Kerry McKay, Meltem Sonmez Turan

Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then

The Multiplicative Complexity of Boolean Functions on Four and Five Variables

March 17, 2015

Author(s)

Meltem Sonmez Turan, Rene C. Peralta

A generic way to design lightweight cryptographic primitives is to construct simple rounds using small nonlinear components such as 4x4 S-boxes and use these iteratively (e.g., PRESENT and SPONGENT). In order to efficiently implement the primitive, optimal

How Random is Your RNG?

January 18, 2015

Author(s)

Meltem Sonmez Turan, John M. Kelsey, Kerry A. McKay

Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts, etc. Deterministic pseudorandom number generators are useful, but they still need

PDR: A Prevention, Detection and Response Mechanism for Anomalies in Energy Control Systems

October 30, 2013

Author(s)

Maria C. Alcaraz, Meltem Sonmez Turan

Prevention, detection and response are nowadays considered to be three priority topics for protecting critical infrastructures, such as energy control systems. Despite attempts to address these current issues, there is still a particular lack of

Related-Key Slide Attacks on Block Ciphers with Secret Components

September 18, 2013

Author(s)

Meltem Sonmez Turan

Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by Electricity

A Chosen IV Related Key Attack on Grain-128a

July 24, 2013

Author(s)

Subhadeep Banik, Subhamoy Maitra, Santanu (. Sarkar, Meltem Sonmez Turan

Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a related-Key chosen IV attack on Grain v1 and

Search Publications by: Meltem Sonmez Turan (Fed)